CVE-2024-54225

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 9, 2024
CWE ID 98

Summary

CVE-2024-54225 is a new vulnerability affecting the CodegearThemes Designer software. This issue involves improper control of filenames in PHP include/require statements, leading to a Local File Inclusion (LFI) vulnerability. An attacker could potentially exploit this vulnerability to gain unauthorized access to sensitive files or execute malicious code on the affected system. The Designer software, from an undisclosed version up to 1.3.3, is susceptible to this issue. Users are advised to update to a patched version as soon as possible to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share